Data Protection GDPR General Data Protection Regulation Implications

Data Protection & GDPR (General Data Protection Regulation): Implications for school staff
Wokingham ‘ICT in Schools’ Team

Data Protection Burden? Boredom? (See the notes for more details)

Data Protection… what you need to know
http://whatyouneedtoknow.co.uk/showreel/
https://www.youtube.com/watch?v=jwFoMe5vE-o

School staff… what you need to know as…
• Data Subjects
• Data Users

Mobile phones
• Do you receive/forward any emails/messages to your phone?
• Do you store any school related information/data on your phone?
• Any storage in the cloud?
• How are things deleted?
• Is ‘remote wipe’ necessary?
• Is it encrypted?

USBs & data storage devices
• Do you need to use them?
• What do you store on them?
• Do you delete data when no longer required?
• Are they encrypted?
• Loss/theft of an unencrypted device is a potential data breach

Laptops & Tablets
• Are they encrypted?
• What data is stored?
• Who else might use?
• How is it transported if taken out of school?
• Loss/theft of an unencrypted device is a potential data breach

Emails
• How/where do you access school email?
• Is email encrypted/secure?
• Use of personal email accounts?
• Check email addresses are correct
• How long are emails kept?
• Be aware of possible Subject Access Requests and Freedom of Information requests when writing emails

Good practice
• Strong password policy (https://howsecureismypassword.net/)
• Secure printing
• Clear policy/procedures for remote or homeworking
• Immediate removal of access when staff leave
• Always locking your screen (Windows+L)

What about these…?
• Paper file security, e.g. clear desk policy, locked drawers/cabinets
• Have a clear out and check cupboards and drawers for ‘old’ paper or data that should no longer be retained.
• Securely delete/destroy any paper or data stored at home?

Data breach – what do I do?
• Most common ones in education:
  • Lost/stolen paperwork or unencrypted computers and memory sticks
  • Data posted/faxed or e-mailed to the incorrect recipient
• Report it at once to the Headteacher and Data Protection Officer (DPO)
• Record and report the details of what happened

What does your policy say?
Other sources of guidance could be:
• Staff Handbook
• Acceptable Use Agreements

Staff training
• At least every 2 years with updates as necessary
• Ongoing awareness raising, e.g. phishing and ransomware, use of online services

The DPO may lead but data protection is a shared responsibility
